VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY

UNIVERSITY OF INFORMATION TECHNOLOGY

REPORT
Lab 1: Wireshark getting started

Subject: Computer Network

Class: CS4283.P12.CTTT.1

GROUP MEMBERS (Group ID: xx):

Self-assessment
No. Name Student ID points
1 Trương Minh Hiếu 23520497
2 Nguyễn Thị Quỳnh Nhi 23521111

Total working time

Work assignment

Comments (optional)
+ Troubles
+ Suggestions
+ Recommendations
Lab 1: Wireshark getting started
2

DETAILED REPORT

A. Task 1
1. Question 1
**The total time capturing the packets :
Total time=Time of the last packet−Time of the first packet.
+Time of the last one: 30.898208 seconds.
+Time of the first one: 0.00971 seconds.
 Total time: 30.891237 seconds.
**The total number of packets captured: 8643 packets.

University of Information Technology DETAILED REPORT

 Lab 1: Wireshark getting started
3
a. Question 2
In the captured packets, there are 4 http packets are there in total.
b. Question 3

Protocols Descriptions

MDNS to discover and communicate with each other without the need for a
central DNS server

TCP providing reliable, ordered, and error-checked data transmission

between devices on a network

QUIC to improve web performance by combining the benefits of UDP and

advanced transport layer features, offering reduced latency, enhanced
security, and efficient data handling.

NBNS allows devices on a local network to discover each other using human-
readable names instead of IP addresses.

LLMNR protocol used for name resolution in local area networks (LANs) that
allows devices to resolve hostnames to IP addresses without the need
for a DNS server

c. Question 4
No: 3704
Time: 12.274307
Source: 172.30.102.35
Destination: 128.119.245.12
Protocol: HTTP
Length:569
Info: GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1
-The purpose of this packet: To retrieve the INTRO-wireshark-file1.html file from the
/wireshark-labs/ directory on the server using the HTTP GET method, using the
HTTP/1.1 protocol for communication.
d. Question 5
++Response packet:
No: 6960
Time: 25.341521
Source: 128.119.245.12
Destination: 172.30.102.35
Protocol: HTTP
Length: 492
Info: HTTP/1.1 200 OK (text/html)

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
++Determination: 4
 Base on the source and destination of each file: The source of the packet in
[question 4] is the destination of the response packet, and the destination of the
[question 4] packet is the source of the response packet. => This indicates that
they have the same conversation.
 Base on the packet info: the packet contains a response code (200 OK)
f. Question 6
- First HTTP GET packet receive time: 12.274307 s
- Response packet receive time: 25.341521 s
=> The time the first HTTP GET packet is sent until the corresponding HTTP 200 OK response
packet is received: 13.067214 s.

g. Question 7
Yes, the text “Congratulations! You've downloaded the first Wireshark lab file!” is
in the captured HTTP packets. It is located in the Content section of the command
HTTP/1.1 200 OK (text/html).

Question 8
There are two primary formats for IP addresses: IPv4 and IPv6.
 IPv4: Has a length of 32 bits (4 bytes). Consists of four numbers, separated by
dots. Each number ranges from 0 to 255. As the number of devices connected
to the internet grew exponentially, the available IPv4 addresses became scarce.
 IPv6: Has the length of 128 bits (16 bytes). Consists of eight groups of
hexadecimal numbers, separated by colons. Each group can range from 0000 to

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
FFFF. IPv6 is gaining traction due to its larger address space and enhanced
features.
5
Base on the source and destination of the packs
 The IP address of gaia.cs.umass.edu is: 128.119.245.12
 The IP of the computer used: 172.30.102.35

Question 9
The basis process of sending and receiving packets when accessing a website
 When entering an URL on the browser, the URL will be translated into a
numerical IP address. This is the IP address of the web server hosting the
website. An HTTP request from the computer will be sent to the web server,
specifying the webpage we want to access.
 The web server receives the HTTP request, retrieves the requested web page
from its storage, and generates an HTTP response containing the webpage's
HTML code, images, and other resources.
 The web server breaks the HTTP response into smaller packets and sends them
to your computer over the TCP connection. The computer receives the packets
and reassembles them into the original HTTP response.
The role of the browser
 The bridge: web servers and computers send packets through the browser and
receive HTTP requests from both sides
 Rendering the packets sent by the web server

2.Task 2
e. Question 10: What is the result when applying the filter expression “HTTP”
(like Task 1)? Are there similar results when accessing an HTTP website?
When searching for HTTp like task 1, no results were found.
f. Question 11: What is the IP address of the selected website? What is the IP
address of your computer right now?
-The IP address of the website: 222.255.216.35

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
6

-My computer IP address: 10.45.87.133

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
7

Question 12: Use the packet-display filter to display the packet exchange
between your computer and the website using the syntax: ip.addr== && ip.addr==
Does this indicate that you can see the returned content of the website? Describe
what is observed?

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
Yes it does. While the filter isolates the communication between the computer and
the website, it does not reveal the actual content of the webpage. The TLS encryption
8
prevents us from seeing the cleartext data. To view the content of webpage, you would
need to decrypt the TLS traffic.
Question 13
2 packets that considered important when accessing this website:
 TCP: ensures reliable delivery of data packets. TCP breaks large amounts of
data into smaller packets and sends them to their destination. It also
acknowledges the receipt of packets and retransmits any lost packets to
ensure that all data is delivered correctly.
 TLS: provides security for communication over a computer network. It's
designed to protect data privacy and integrity, ensuring that information
transmitted between two parties remains confidential and is not tampered
with during transit.
Question 14
The usage of IP addresses:
 IP addresses provide unique identification when a device is connected to
the Internet and allow other devices in the network to communicate with it.
 IP addresses can be used to approximately determine the location of a
device, or where a server is located.
 IPs are used by routers to route data packets across the Internet and
calculate the best path for a packet to reach its destination.
 IP addresses are used to organize devices into networks, helping to manage
and control access to different parts of a network.
Some ways to see the IP address of a computer:
 Using Command Prompt/Terminal: Open command prompt/terminal and
type [ipconfig] then Enter -> It will show the IPv4 address of the computer

 Check them in Setting (Window 11 device): Go to "Settings" > "Network &

Internet" > "Advance Network Settings" > “Hardware and connection
properties”

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
9

 Using online tools: access https://www.whatismyip.com/ -> It will show

your IP address

Some way to see IP address of a website

 Using Command prompt/Terminal: Open Command Prompt/Terminal and
type [ping <website>]

 Using online tools: access https://checkip.com.vn/

University of Information Technology DETAILED REPORT

Lab 1: Wireshark getting started
10

University of Information Technology DETAILED REPORT